HIPAA Compliance and the Cloud

The Explosive Growth of the Cloud

There’s no denying the explosive growth of cloud computing to date, and no doubt that the sharp trend will continue well into the foreseeable future. A recent article by Forbes projects that by 2018, more than 60% of enterprises will have at least half of their infrastructure on cloud-based platforms. Spending on cloud computing infrastructure is expected to grow at a 30% CAGR from 2013 through 2018, compared with 5% growth for enterprise IT overall.

Cloud Adoption in the Healthcare Industry

As the healthcare industry has migrated to electronic management of patients’ protected health information, cloud computing has been a natural solution for issues around storage and accessibility. Last year’s HIMSS Analytics survey of healthcare provider organizations found that 83% of IT executives report using cloud services today, demonstrating just how essential and pervasive cloud technology is in this industry. The top three cited reasons for adopting a cloud solution are lower cost than current IT maintenance (55.7%), speed of deployment (53.2%) and solving the problem of not having enough internal staff and/or expertise to support on-premise alternatives (51.6%).

Amazon Web Services Leading the Way

In this ultra-competitive cloud computing space, it’s no surprise that Amazon Web Services (AWS) is leading the way. With more than five times the combined capacity of its next 14 rivals, AWS generates roughly $3 billion in annual revenue by offering services to businesses at a fraction of what it would cost if those businesses owned and ran their own computers. Benefits of AWS to businesses include no upfront investment, low ongoing costs, flexible capacity, speed and agility, global reach, and the freedom to focus on business and not IT infrastructure. While AWS delivers some of the most comprehensive cloud computing offerings in the world, it remains a public cloud service lacking management or implementation support, not to mention the necessary controls and safeguards for the growing compliance needs of businesses that handle personal, financial or health-related information.

Security and Compliance in the Cloud

With the rapid pace of cloud computing adoption and the corresponding reliance on Amazon Web Services, heavy utilization by healthcare providers presents some obvious concerns around security and compliance. According to HIMSS Analytics, security and compliance concerns remain the top reason why IT healthcare organizations don’t adopt cloud services (61.4%), followed by the view of IT Operations as a completely internal function (42.3%) and uptime reliability (38.4%). Since Amazon Web Services customers are left to architect, implement and manage compliance, including HIPAA compliance, on their own, this is no small hurdle to overcome.

HIPAA Compliant Experts and the Cloud

A HIPAA-compliant environment requires very specific and sophisticated safeguards that extend well beyond the capabilities of many IT departments. In addition to encrypting protected health information, a HIPAA-compliant environment needs access controls, intrusion detection systems (IDS), password management, and a consistent approach to security patches to correct software vulnerabilities. Policy management, file integrity management and centralized logging services are also key requirements of a secure HIPAA-compliant solution.

Given these complex controls, and security concerns that keep evolving as hackers become more sophisticated, it often makes sense to outsource compliance needs to a seasoned partner and remain focused on the company’s core business. Selecting a partner with years of compliance experience, ideally an AWS Advanced Consulting Partner, helps to ensure compliance, relieves much of the burden on IT and the business overall and, most importantly, protects consumers’ precious PHI.